Flexible NetFlow can be used to support the implementation of Cisco Network Based Application Recognition (NBAR) technology.
To configure a network device to utilize Flexible NetFlow, perform the following tasks:
These tasks are described in the following sections, using an example configuration to illustrate how to complete the tasks from the Cisco IOS command line interface (CLI).
Note: The network device you want to configure must be running a Cisco IOS release that supports Cisco IOS Flexible NetFlow.
The following example illustrates how to configure a Flexible NetFlow enabled device to utilize Flexible NetFlow in support of NBAR and Flow Monitor application monitoring. For more information, see the Cisco IOS Flexible NetFlow configuration guide.
To create a flow monitor:
Router> enable
Router# configure terminal
Router(config)# flow monitor application-mon
Router(config-flow-monitor)# description app traffic analysis
Router(config-flow-monitor)# cache timeout active 60
To define a flow record:
Router> enable
Router# configure terminal
Router(config)# flow monitor application-mon
Router(config-flow-monitor)# flow record nbar-appmon
Router(config-flow-record)# description NBAR Flow Monitor
Specify the match parameters using the match keyword:
Router(config-flow-record)# match ipv4 tos
Router(config-flow-record)# match ipv4 protocol
Router(config-flow-record)# match ipv4 source address
Router(config-flow-record)# match ipv4 destination address
Router(config-flow-record)# match transport source-port
Router(config-flow-record)# match transport destination-port
Router(config-flow-record)# match interface input
Router(config-flow-record)# match application name
Note: By using the application name as a match parameter, you can utilize Network Based Application Recognition (NBAR) to collect statistics and report on network usage by individual applications.
Specify the fields to collect using the collect keyword:
Router(config-flow-record)# collect interface output
Router(config-flow-record)# collect counter bytes
Router(config-flow-record)# collect counter packets
Router(config-flow-record)# collect transport tcp flags
Router(config)# flow monitor application-mon
Router(config-flow-monitor)# record nbar-appmon
When the record is complete, you can create the flow exporter. This component exports records from the flow monitor on the network device to the flow collector, in this case Flow Monitor.
To create a flow exporter:
Router> enable
Router# configure terminal
Router(config)# flow exporter export-to-ipswitch-flow-monitor
Router(config-flow-exporter)# description Flexible NF v9
Router(config-flow-exporter)# destination 192.168.3.47
Router(config-flow-exporter)# source GigabitEthernet0/0
Router(config-flow-exporter)# transport udp 9996
Router(config-flow-exporter)# template data timeout 120
Router(config-flow-exporter)# option interface-table
Router(config-flow-exporter)# option exporter-stats timeout 120
Router(config-flow-exporter)# option application-table timeout 120
Router# configure terminal
Router(config)# flow monitor application-mon
Router(config-flow-monitor)# exporter export-to-ipswitch-flow-monitor
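What the collector receives on UDP port 9996 from this exporter is a NetFlow v9 template describing the record, followed by data records that can only be decoded once that template has arrived (the exporter resends it at the interval set by template data timeout). The following is an added example, not code from Cisco or from Flow Monitor: a minimal collector-side decoder that validates lengths before trusting them. It covers only a subset of the nbar-appmon fields, and the template ID, source ID and addresses in the sample packets are constructed.

```python
import socket
import struct

# NetFlow v9 field type IDs (RFC 3954) for some of the fields in the nbar-appmon record.
FIELDS = {1: "bytes", 2: "packets", 4: "protocol", 7: "src_port", 8: "src_addr", 11: "dst_port", 12: "dst_addr"}

def decode(record, spec):
    out, off = {}, 0
    for ftype, length in spec:                      # spec: the template's (type, length) pairs
        raw, off = record[off:off + length], off + length
        is_ip = ftype in (8, 12) and length == 4
        out[FIELDS.get(ftype, ftype)] = socket.inet_ntoa(raw) if is_ip else int.from_bytes(raw, "big")
    return out

def parse_v9(packet, templates):
    """Decode one export packet; returns (flows, data flowsets that had no template yet)."""
    if len(packet) < 20 or packet[:2] != b"\x00\x09":
        raise ValueError("not a NetFlow v9 packet")
    source_id = struct.unpack("!I", packet[16:20])[0]
    flows, skipped, pos = [], 0, 20
    while pos + 4 <= len(packet):
        set_id, set_len = struct.unpack("!HH", packet[pos:pos + 4])
        if set_len < 4 or pos + set_len > len(packet):
            raise ValueError("flowset length runs past the packet")
        body, pos, off = packet[pos + 4:pos + set_len], pos + set_len, 0
        while set_id == 0 and off + 4 <= len(body):  # template flowset
            tid, nfields = struct.unpack("!HH", body[off:off + 4])
            end = off + 4 + 4 * nfields
            if tid < 256 or nfields == 0 or end > len(body):
                break                                # padding or truncated template
            spec = struct.unpack("!%dH" % (2 * nfields), body[off + 4:end])
            templates[(source_id, tid)] = list(zip(spec[0::2], spec[1::2]))
            off = end
        if set_id >= 256:                            # data flowset
            spec = templates.get((source_id, set_id), [])
            size = sum(length for _, length in spec)
            if size == 0:
                skipped += 1                         # template not received (or unusable)
                continue
            flows += [decode(body[o:o + size], spec) for o in range(0, len(body) - size + 1, size)]
    return flows, skipped

def sample_packets():
    """Constructed sample input: (template packet, data packet) for template ID 260."""
    header = struct.pack("!HHIIII", 9, 1, 1000, 1700000000, 0, 1)   # source ID 1
    spec = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 4), (2, 4)]
    tmpl = struct.pack("!HH", 260, 7) + b"".join(struct.pack("!HH", *f) for f in spec)
    rec = socket.inet_aton("10.0.0.5") + socket.inet_aton("10.0.9.20") + struct.pack("!HHBII3x", 51000, 443, 6, 8400, 12)
    return header + struct.pack("!HH", 0, 36) + tmpl, header + struct.pack("!HH", 260, 28) + rec
```

NetFlow v9 over UDP carries no authentication, so a production collector would also key templates by exporter address and accept export packets only from known exporter sources.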